CCSK Practice Tests by Malisow Ben
Author: Malisow, Ben
Language: eng
Format: epub
Publisher: Maladjusted Works
Published: 2021-01-02T16:00:00+00:00
Domain 2 Answers
26. Answer: D
See page 28 of the Cloud Security Alliance (CSA) Security Guidance v4.
27. Answer: B
Every organization is responsible for its own governance. See page 28 of the Cloud Security Alliance (CSA) Security Guidance v4.
Organizations can, and often do, outsource the business functions listed in the other answers.
28. Answer: A
According to the Cloud Security Alliance (CSA) Security Guidance v4 (page 28), cloud providers try to leverage economies of scale for these purposes.
The other answers may, in fact, be things that cloud providers also do, but A is the correct answer according to the Guidance.
29. Answer: B and C
See page 29 of the Cloud Security Alliance (CSA) Security Guidance v4.
30. Answer: B
According to the Cloud Security Alliance (CSA) Security Guidance v4 (page 29), the contract is the only guarantee of service and commitment (aside from legal action).
31. Answer: D
The customer should know what the assessment/audit actually reviewed, not just which standard was used as the basis for the review. See page 30 of the Cloud Security Alliance (CSA) Security Guidance v4.
The inflation rate is a measure of the soundness of a particular currency, and doesn't really have anything to do with audits of cloud providers. The type of hypervisor the provider uses isn't particularly pertinent, as long as the assessment/audit determined whether the appropriate controls were used to secure it (and that those controls are functioning properly). Knowledge of the market isn't critical when reviewing an assessment/audit.
32. Answer: B
The size of the audit effort (or audit provider) is not typically indicative of whether the audit is meaningful and trustworthy.
All the other answers are, in fact, reasons to trust a particular auditor/firm. See page 30 of the Cloud Security Alliance (CSA) Security Guidance v4.
33. Answer: B
The CSA Security, Trust, and Risk program registry is a centralized collection of cloud provider assessments. (See page 30 of the Cloud Security Alliance (CSA) Security Guidance v4.)
The CCM and CAIQ are assessment tools used by providers to create content for the STAR Registry. There is no OIP, which I made up.
34. Answer: C
Risk management in the cloud is often described as a shared responsibilities model; the provider is responsible for managing certain risks, while the customer is responsible for others. (See page 30 of the Cloud Security Alliance (CSA) Security Guidance v4.)
The Bell-LaPadula model is an access control model. A covert channel is an attack method for observing target activity. Risk management cannot be totally outsourced.
35. Answer: A and D
The Cloud Security Alliance (CSA) Security Guidance v4 (page 30) specifically notes that good contracts and documentation (from the provider) are essential to enterprise risk management in the cloud.
Neither an equity stake, public interest, nor physical distance of the parties significantly affects risk management.
36. Answer: B
Senior management of each organization will determine the risk tolerance (also referred to as "risk appetite" or "risk threshold") of a particular organization. (See page 31 of the Cloud Security Alliance (CSA) Security Guidance v4.)
37. Answer: C
According to the Cloud Security Alliance (CSA) Security Guidance v4 (page 31), SaaS demonstrates the most critical need for a negotiated contract.